Contents at a GlanceIntroduction xiCHAPTER 1 The business need for Windows Server 2012 1CHAPTER 2 Foundation for building your private cloud 17CHAPTER 3 Highly available, easy-to-manage multi-server platform 85CHAPTER 4 Deploy web applications on premises and in the cloud 159CHAPTER 5 Enabling the modern workstyle 191Index 229
vWhat do you think of this book? We want to hear from you!Microsoft is interested in hearing your feedback so we can continually improve ourbooks and learning resources for you. To participate in a brief online survey, please visit:microsoft.com/learning/booksurveyContentsIntroduction xiChapter 1 The business need for Windows Server 2012 1The rationale behind cloud computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Making the transition 2Cloud sourcing models 3Cloud service models 4Microsoft cloud facts 5Technical requirements for successful cloud computing. . . . . . . . . . . . . . . . 6Four ways Windows Server 2012 delivers value for cloud computing. . . 10Foundation for building your private cloud 10Highly available, easy-to-manage multi-server platform 12Deploy web applications on-premises and in the cloud 13Enabling the modern work style 14Up next. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Chapter 2 Foundation for building your private cloud 17A complete virtualization platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Hyper-V extensible switch 21Network Virtualization 31Improved Live Migration 37Enhanced quality of service (QoS) 45Resource metering 48
viii ContentsUser Profile Disks 218Enhanced security and compliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221Dynamic Access Control 221BitLocker enhancements 224DNSSEC 226Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227Index 229What do you think of this book? We want to hear from you!Microsoft is interested in hearing your feedback so we can continually improve ourbooks and learning resources for you. To participate in a brief online survey, please visit:microsoft.com/learning/booksurvey
ixForewordForewordWindows Server 2012 introduces a plethora of new features to address theevolved needs of a modern IT infrastructure and workforce. The coreof this experience is the need to scale out, virtualize, and move workloads,applications, and services to the cloud. Windows Server 2012 incorporates ourexperience of building, managing, and operating both private and public clouds,all based on Windows Server. We used that experience to create an operatingsystem that provides organizations a scalable, dynamic, and multi-tenant-awareplatform that connects datacenters and resources globally and securely. Clouds,whether deployed as public or private, rely on the same technology and provideconsistency for applications, services, management, and experiences when theyare deployed in a hosted environment, in a single-server, small office, or inyour corporate datacenter. They are all the same, and the platform should scaleconsistently and be managed easily from the small business office to the infinitelylarge public cloud.The Windows Server team employed a customer-focused design approach todesign in-the-box solutions that address customers’ real-world business problems.We realized that we needed to cloud-optimize environments by providing anupdated, flexible platform. We also knew that it was incumbent upon us to enableIT professionals to implement the next generation of technologies needed forfuture applications and services. We focused on end-to-end solutions that arecomplete and work out of the box with the critical capabilities for the deploymentsneeded for the mobile and always-connected users, workforce, and devices.To achieve these goals, we carefully planned a complete virtualization platformwith flexible policies and agile options that would enable not only a high-densityand scalable infrastructure for all workloads and applications, but also enablesimple and efficient infrastructure management. Once in place, with maximizeduptime and minimized failures and downtimes, the value proposition of an openand scalable web platform that is aligned to and uses the lowest-cost commoditystorage and networking provides a comprehensive solution better than any otherplatform.In addition, Windows Server 2012 provides next-generation data security andcompliance solutions based on strong identity and authorization capabilitiesthat are paramount in this evolving cloud-optimized environment. The mobile,work-everywhere culture demands not only compliance, but also protectionagainst the latest threats and risks.
x ForewordAnd, last but not least, Windows Server 2012 comes with the needed reliability,power efficiency, and interoperability to integrate into environments withoutrequiring numerous and complex add-ons, installations, and additional softwareto have a working solution.As one of the senior engineering leaders in the Server and Cloud Division ofMicrosoft, we have an opportunity to change the world and build the WindowsServer 2012 platform to host public and private clouds all over the world. We tookour experience and learning from Hotmail, Messenger, Office 365, Bing, WindowsAzure, and Xbox Live . . . all of which run on Windows Server to design and createWindows Server 2012 so that others are capable of building their own privateclouds, hosting the latest applications, or deploying the next set of cloud serviceswith world-class results.This book is compiled from the expertise we have gained from the publicclouds that we have run for years, as well as the experience from many expertson how to use the Hyper-V and Windows Server technologies optimally. Wewanted to provide this book as a compilation of the engineering team’s insideknowledge and best practices from early adopter deployments. It provides aunique introduction on how to cloud-optimize your environment with WindowsServer 2012.David B. CrossDirector of Program ManagementMicrosoft Corporation
IntroductionWindows Server 2012 is probably the most significant release of the WindowsServer platform ever. With an innovative new user interface, powerfulnew management tools, enhanced Windows PowerShell support, and hundredsof new features in the areas of networking, storage, and virtualization, WindowsServer 2012 can help IT deliver more while reducing costs. Windows Server 2012also was designed for the cloud from the ground up and provides a foundationfor building both public and private cloud solutions to enable businesses to takeadvantage of the many benefits of cloud computing.This book provides a technical overview of Windows Server 2012 and isintended to help IT professionals familiarize themselves with the capabilities of thenew platform. This present edition also replaces the earlier preview edition, withscreenshots and feature descriptions now being based on RTM instead of Beta.Direct from the sourceA key feature of this book is the inclusion of sidebars written by members of theWindows Server team, Microsoft Support engineers, Microsoft Consulting Servicesstaff, and others who work at Microsoft. These sidebars provide an insider’sperspective that includes both “under-the-hood” information concerning howfeatures work, and strategies, tips, and best practices from experts who have beenworking with the platform during product development. Sidebars are highlightedin the text and include the contributor’s name and title at the bottom.AcknowledgmentsThe author would like to express his special thanks to the numerous peopleworking at Microsoft who took time out from their busy schedules to writesidebars for this book and/or peer-review its content to ensure technical accuracy.In recognition of their contribution towards making this book a more valuableresource, we’d like to thank the following people who work at Microsoft (unlessotherwise indicated) for contributing their time and expertise to this project:Joshua Adams, Manjnath Ajjampur, Jeff Alexander, Ted Archer, Vinod Atal,Jonathan Beckham, Jeevan Bisht, David Branscome, Kevin Broas, Brent Caskey,Patrick Catuncan, Al Collins, Bob Combs, Wilbour Craddock, David Cross,Kevin daCosta, Robb Dilallo (Oakwood Systems Group), Laz Diaz, Yuri Diogenes,
xii IntroductionSean Eagan, Yigal Edery, Michael Foti, Stu Fox, Keith Hill, Jeff Hughes,Corey Hynes (HynesITe Inc.), Mohammed Ismail, Ron Jacob, Tomica Kaniski,Alex A. Kibkalo, Praveen Kumar, Brett Larison, Alex Lee, Ian Lindsay, Carl Luberti,Michel Luescher, John Marlin, John McCabe, Robert McMurray, Harsh Mittal,Michael Niehaus, Symon Perriman, Tony Petito, Mark Piggott, Jason Pope,Artem Pronichkin, Satya Ramachandran, Ramlinga Reddy, Colin Robinson,John Roller, Luis Salazar, Stephen Sandifer (Xtreme Consulting Group Inc),Chad Schultz, Tom Shinder, Ramnish Singh, Don Stanwyck, Mike Stephens,Mike Sterling, Allen Stewart, Jeff Stokes, Chuck Swanson, Daniel Taylor,Harold Tonkin, Sen Veluswami, Matthew Walker, Andrew Willows, Yingwei Yang,John Yokim, Won Yoo, David Ziembicki, and Josef Zilak.If we’ve missed anyone, we’re sorry!The author also would like to thank Valerie Woolley at Microsoft Learning;Diane Kohnen at S4Carlisle Publishing Services; and Susan McClung, thecopyeditor.Errata & book supportWe’ve made every effort to ensure the accuracy of this book and its companioncontent. Any errors that have been reported since this book was published arelisted on our Microsoft Press site at oreilly.com:http://go.microsoft.com/FWLink/?Linkid=262397If you find an error that is not already listed, you can report it to us through thesame page.If you need additional support, email Microsoft Press Book Support firstname.lastname@example.org.Please note that product support for Microsoft software is not offered throughthe addresses above.We want to hear from youAt Microsoft Press, your satisfaction is our top priority, and your feedback ourmost valuable asset. Please tell us what you think of this book at:http://www.microsoft.com/learning/booksurvey
xiiiIntroductionThe survey is short, and we read every one of your comments and ideas.Thanks in advance for your input!Stay in touchLet’s keep the conversation going! We’re on Twitter:http://twitter.com/MicrosoftPress.
1C H A P T E R 1The business need forWindows Server 2012■ The rationale behind cloud computing 1■ Technical requirements for successful cloud computing 6■ Four ways Windows Server 2012 delivers value for cloudcomputing 10■ Up next 15This chapter briefly sets the stage for introducing Windows Server 2012 by reviewing whatcloud computing is all about and why cloud computing is becoming an increasinglypopular solution for business IT needs. The chapter then describes how Windows Server 2012can provide the ideal foundation for building your organization’s private cloud.The rationale behind cloud computingCloud computing is transforming business by offering new options for businesses to increaseefficiencies while reducing costs. What is driving organizations to embrace the cloud paradigmare the problems often associated with traditional IT systems. These problems include:■■ High operational costs, typically associated with implementing and managingdesktop and server infrastructures■■ Low system utilization, often associated with non-virtualized server workloads inenterprise environments■■ Inconsistent availability due to the high cost of providing hardware redundancy■■ Poor agility, which makes it difficult for businesses to meet evolving market demandsAlthough virtualization has helped enterprises address some of these issues byvirtualizing server workloads, desktops, and applications, some challenges still remain.For example, mere virtualization of server workloads can lead to virtual machine (VM)sprawl, solving one problem while creating another.Cloud computing helps address these challenges by providing businesses with newways of improving agility while reducing costs. For example, by providing tools for rapiddeployment of IT services with self-service capabilities, businesses can achieve
2 Chapter 1 The business need for Windows Server 2012a faster time-to-market rate and become more competitive. Cloud-based solutions also canhelp businesses respond more easily to spikes in demand. And the standardized architectureand service-oriented approach to solution development used in cloud environments helpsshorten the solution development life cycle, reducing the time between envisioning anddeployment.Cloud computing also helps businesses keep IT costs under control in several ways. Forexample, the standardized architecture of cloud solutions provides greater transparencyand predictability for the budgeting process. Adding automation and elastic capacitymanagement to this helps keep operational costs lower. Reuse and re-provisioning of cloudapplications and services can help lower development costs across your organization, makingyour development cycle more cost effective. And a pay-as-you-go approach to consumingcloud services can help your business achieve greater flexibility and become more innovative,making entry into new markets possible.Cloud computing also can help businesses increase customer satisfaction by enablingsolutions that have greater responsiveness to customer needs. Decoupling applications fromphysical infrastructure improves availability and makes it easier to ensure business continuitywhen a disaster happens. And risk can be managed more systematically and effectively tomeet regulatory requirements.Making the transitionMaking the transition from a traditional IT infrastructure to the cloud paradigm beginswith rethinking and re-envisioning what IT is all about. The traditional approach to ITinfrastructure is a server-centric vision, where IT is responsible for procuring, designing,deploying, managing, maintaining, and troubleshooting servers hosted on the company’spremises or located at the organization’s central datacenter. Virtualization can increasethe efficiency of this approach by allowing consolidation of server workloads to increasesystem utilization and reduce cost, but even a virtualized datacenter still has a server-centricinfrastructure that requires a high degree of management overhead.Common characteristics of traditional IT infrastructures, whether virtualized or not, caninclude the following:■■ Limited capacity due to the physical limitations of host hardware in the datacenter(virtualization helps maximize capacity but doesn’t remove these limitations)■■ Availability level that is limited by budget because of the high cost of redundant hosthardware, network connectivity, and storage resources■■ Poor agility because it takes time to deploy and configure new workloads(virtualization helps speed up this process)■■ Poor efficiency because applications are deployed in silos, which means thatdevelopment efforts can’t be used easily across the organization■■ Potentially high cost due to the cost of host hardware, software licensing, and thein-house IT expertise needed to manage the infrastructure
The rationale behind cloud computing Chapter 1 3By contrast to the traditional server-centric infrastructure, cloud computing represents aservice-centric approach to IT. From the business customer’s point of view, cloud services canbe perceived as IT services with unlimited capacity, continuous availability, improved agility,greater efficiency, and lower and more predictable costs than a traditional server-centricIT infrastructure. The results of the service-centric model of computing can be increasedproductivity with less overhead because users can work from anywhere, using any capabledevice, without having to worry about deploying the applications they need to do their job.The bottom line here is that businesses considering making the transition to the cloudneed to rethink their understanding of IT from two perspectives: the type of sourcing and thekinds of services being consumed.Cloud sourcing modelsCloud sourcing models define the party that has control over how the cloud services arearchitected, controlled, and provisioned. The three kinds of sourcing models for cloudcomputing are:■■ Public cloud Business customers consume the services they need from a pool ofcloud services delivered over the Internet. A public cloud is a shared cloud where thepool of services is used by multiple customers, with each customer’s environmentisolated from those of others. The public cloud approach provides the benefits ofpredictable costs and pay-as-you-go flexibility for adding or removing processing,storage, and network capacity depending on the customer’s needs.For example, Microsoft Windows Azure and Microsoft SQL Azure are public cloudofferings that allow you to develop, deploy, and run your business applications overthe Internet instead of hosting them locally on your own datacenter. By adopting thisapproach, you can gain increased flexibility, easier scalability, and greater agility foryour business. And if your users only need Microsoft Office or Microsoft DynamicsCRM to perform their jobs, you can purchase subscriptions to Office 365 or MicrosoftDynamics CRM Online from Microsoft’s public cloud offerings in this area as well.For more information on Microsoft’s public cloud offerings, seehttp://www.microsoft.com/en-us/server-cloud/private-cloud/buy.aspx#tabs-2.■■ Private cloud The customer controls the cloud, either by self-hosting a private cloudin the customer’s datacenter or by having a partner host it. A private cloud can beimplemented in two ways: by combining different software platforms and applications,or by procuring a dedicated cloud environment in the form of an appliance froma vendor.For example, customers have already been using the Hyper-V virtualization capabilitiessuccessfully in the Microsoft Windows Server 2008 R2 platform, with the MicrosoftSystem Center family of products, to design, deploy, and manage their own privateclouds. And for a more packaged approach to deploying private clouds, Microsoft’sPrivate Cloud Fast Track program provides customers with a standard reference
4 Chapter 1 The business need for Windows Server 2012architecture for building private clouds that combines Microsoft software, consolidatedguidance, value-added software components, and validated compute, network, andstorage configurations from original equipment manufacturer (OEM) partners to createa turnkey approach for deploying scalable, preconfigured, validated infrastructureplatforms for deploying your own on private cloud. For more information on thePrivate Cloud Fast Track and to see a list of Fast Track Partners,see http://www.microsoft.com/en-us/server-cloud/private-cloud/buy.aspx#tabs-2.The private cloud approach allows you the peace of mind of knowing you havecomplete control over your IT infrastructure, but it has higher up-front costs anda steeper implementation curve than the public cloud approach. For more informationon Microsoft’s private cloud offerings, see http://www.microsoft.com/en-us/server-cloud/private-cloud/. As you will soon see, however, the next generation ofHyper-V in the Windows Server 2012 platform delivers even more powerful capabilitiesthat enable customers to deploy and manage private clouds.■■ Hybrid cloud The customer uses a combination of private and public clouds to meetthe specific needs of their business. In this approach, some of your organization’s ITservices run on-premises while other services are hosted in the cloud to save costs,simplify scalability, and increase agility. Organizations that want to make the transitionfrom traditional IT to cloud computing often begin by embracing the hybrid cloudapproach because it allows them to get their feet wet while remaining grounded in thecomfort of their existing server-centric infrastructure.One difficulty with the hybrid cloud approach, however, is the managementoverhead associated with needing duplicate sets of IT controls, one set for traditionalinfrastructure and others for each kind of cloud service consumed. Regardless of this,many organizations that transition to the cloud choose to adopt the hybrid approachfor various reasons, including deployment restrictions, compliance issues, or theavailability of cloud services that can meet the organization’s needs.Cloud service modelsCloud computing also can be considered from the perspective of which kinds of services arebeing consumed. The three standard service models for cloud computing are as follows:■■ Software as a service (SaaS) This approach involves using the cloud to deliver asingle application to multiple users, regardless of their location or the kind of devicethey are using. SaaS contrasts with the more traditional approach of deployingseparate instances of applications to each user’s computing device. The advantagesof the SaaS model is that application activities can be managed from a single centrallocation to reduce cost and management overhead. SaaS typically is used to delivercloud-based applications that have minimal support for customization, such as email,Customer Relationship Management (CRM), and productivity software. Office 365 is anexample of a SaaS offering from Microsoft that provides users with secure anywhere
The rationale behind cloud computing Chapter 1 5access to their email, shared calendars, instant messaging (IM), video conferencing,and tools for document collaboration.■■ Platform as a service (PaaS) This approach involves using the cloud to deliverapplication execution services such as application run time, storage, and integrationfor applications that have been designed for a prespecified cloud-based architecturalframework. By using PaaS, you can develop custom cloud-based applications for yourbusiness and then host them in the cloud so that users can access them anywhereover the Internet. PaaS also can be used to create multi-tenant applications thatmultiple users can access simultaneously. And with its high degree of supportfor application-level customization, PaaS can enable integration with your olderapplications and interoperability with your on-premises systems, though someapplications may need to be recoded to work in the new environment. SQL Azure isan example of a PaaS offering from Microsoft that allows businesses to provision anddeploy SQL databases to the cloud without the need of implementing and maintainingan in-house Microsoft SQL Server infrastructure.■■ Infrastructure as a service (IaaS) This approach involves creating pools ofcompute, storage, and network connectivity resources that then can be deliveredto business customers as cloud-based services that are billed on a per-usage basis.IaaS forms the foundation for SaaS and PaaS by providing a standardized, flexiblevirtualized environment that typically presents itself to the customer as virtualizedserver workloads. In the IaaS model, the customer can self-provision these virtualizedworkloads and can customize them fully with the processing, storage, and networkresources needed and with the operating system and applications the businessrequires. By using the IaaS approach, the customer is relieved of the need to purchaseand install hardware and can spin up new workloads to meet changing demandquickly. The Hyper-V technology of the Windows Server platform, together with theSystem Center family of products, represents Microsoft’s offering in the IaaS space.Microsoft cloud factsDid you know the following facts about Microsoft’s public cloud offerings?■■ Every day, 9.9 billion messages are transmitted via Windows Live Messenger.■■ There are 600 million unique users every month on Windows Live and MSN.■■ There are 500 million active Windows Live IDs.■■ There are 40 million paid MS online services (BPOS, CRM Online, etc.) in 36 countries.■■ A total of 5 petabytes of content is served by Xbox Live each week during the holidayseason.■■ A total of 1 petabyte+ of updates is served every month by Windows Update tomillions of servers and hundreds of millions of PCs worldwide.■■ There are tens of thousands of Windows Azure customers.
6 Chapter 1 The business need for Windows Server 2012■■ There are 5 million LiveMeeting conference minutes per year.■■ Forefront for Exchange filters 1 billion emails per month.Technical requirements for successful cloudcomputingIf you’re considering moving your business to the cloud, it’s important to be aware of theingredients of a successful cloud platform. Figure 1-1 illustrates the three standard servicemodels for implementing private and public cloud solutions.SaaS – the softwareThe cloud provider runs the application while the customerconsumes the application as a service on a subscription basis.PaaS – the platformThe application platform includesnative services for scalability andresiliency, and the apps must bedesigned to run in the cloud.IaaS – the infrastructureThe cloud provider runs adatacenter that offers “virtualmachines for rent” along withdynamically allocated resources.Customers own the virtualmachine and manage it as “theirserver” in the cloud.FIGURE 1-1 The three standard service models for the cloud.The hierarchy of this diagram illustrates that both IaaS and PaaS can be used as thefoundation for building SaaS. In the IaaS approach, you build the entire architecture yourself(for example, with load-balanced web servers for the front end and clustered servers foryour business and data tiers on the back end). In fact, the only difference between IaaS anda traditional datacenter is that the apps are running on servers that are virtual instead ofphysical.By contrast, PaaS is a completely different architecture. In a PaaS solution, like WindowsAzure, you allow Azure to handle the “physical” aspect for you when you take your app andmove it to the cloud. Then, when you have spikes in demand (think the holiday season for aretail website), the system automatically scales up to meet the demand and then scales backdown again when demand tapers off. This means that with PaaS, you don’t need to build asystem that handles the maximum load at all times, even when it doesn’t have to; instead, youpay only for what you use.But the IaaS model is much closer to what customers currently use today, so let’s focusmore closely on the IaaS service model, which often is described as “virtual machines forrent.” The two key components of IaaS are a hypervisor-based server operating system and
Technical requirements for successful cloud computing Chapter 1 7a cloud and datacenter management solution. These two components, therefore, form thefoundation of any type of cloud solution—public, private, or hybrid.Let’s examine the first component: namely, a hypervisor-based server operating system.What attributes must such a platform have to be suitable for building cloud solutions? Thenecessary technical requirements must include the following:■■ Support for the latest server hardware and scaling features, including high-performancenetworking capabilities and reduced power consumption for green computing■■ A reliable, highly scalable hypervisor that eliminates downtime when VMs are movedbetween hosts■■ Fault-tolerant, high-availability solutions that ensure that cloud-based services can bedelivered without interruption■■ Powerful automation capabilities that can simplify and speed the provisioning andmanagement of infrastructure resources to make your business more agile■■ Support for enterprise-level storage for running the largest workloads that businessesmay need■■ The ability to host a broad range of virtualized operating systems and applications toprovide customers with choices that can best meet their business needs■■ An extensible platform with public application programming interfaces (APIs) thatbusinesses can use to develop custom tools and enhancements that they need toround out their solutions■■ The ability to pool resources, such as processing, network connectivity, and storage,to provide elasticity so that you can provision and scale resources dynamically inresponse to changing needs■■ Self-service capabilities, so that pooled resources can be provisioned quickly accordingto service-level agreements for increased agility■■ A built-in system for monitoring resource usage, so that those consuming resourcescan be billed on a pay-for-only-what-you-use basis■■ Infrastructure transparency, so that customers can concentrate on deploying theapplications and services that they need without having to worry about the underlyinginfrastructureMicrosoft’s previous hypervisor-based server operating system, Windows Server 2008 R2,met many of these requirements to a high degree, and Microsoft and other enterpriseshave been using it extensively as a foundation for building both private and public clouds.As we will soon see, however, Windows Server 2012 now brings even more to the table forbuilding highly scalable and elastic cloud solutions, making it the first truly cloud-optimizedserver operating system.The second component for building a cloud is the management part, and here, SystemCenter 2012 provides the most comprehensive cloud and datacenter managementsolution available in the marketplace. System Center 2012 spans physical, virtual, and cloud
8 Chapter 1 The business need for Windows Server 2012environments using common management experiences throughout and enables end-to-endmanagement of your infrastructure and applications.Support for Windows Server 2012 will be included in Service Pack 1 for System Center2012. For more information on System Center products and to download evaluation software,see http://www.microsoft.com/en-us/server-cloud/system-center/default.aspx.The business need for Windows Server 2012Cloud computing in general, and private clouds in particular, have emerged as aresponse to the high cost and lack of agility of traditional approaches to IT. Theneeds of IT users and the rate of technological change have increased significantly.At the same time, the need to improve IT efficiency and reduce costs are high-priorityobjectives in most businesses today.Server consolidation through virtualization has been a key driver of costsavings over the past several years. Windows Server 2012 and Hyper-V providesignificant improvements in scalability and availability, which enables much higherconsolidation ratios. Combined with the flexibility of unlimited VM licensing insome Windows SKUs, high-density virtualization can reduce costs significantly. WithWindows Server 2012 and Hyper-V supporting clusters up to 64 nodes runningup to 4,000 VMs and up to 1,024 active VMs per host, a relatively small amount ofphysical hardware can support a large amount of IT capability.Further improving the consolidation story is the ability to run significantly larger VMs,resulting in a higher percentage of physical servers being candidates for virtualization.For example, Windows Server 2012 can now support:■■ Up to 64 virtual processors per VM (with a maximum of 2,048 virtual processorsper host)■■ Up to 1 terabyte (TB) of random access memory (RAM) per VM (with up to 4 TBRAM per host)■■ Virtual hard disks (VHDs) up to 64 TB in sizeThese scalability enhancements now provide enterprises with the ability to virtualizethe vast majority of physical servers deployed today. Examples include large databaseservers or other high-scale workloads that previously could not be virtualized.In addition to scale, a substantial number of new capabilities in the Windows Server 2012and Hyper-V platform enable cloud computing scenarios. Definitions of cloudcomputing vary; however, one of the most commonly utilized definitions is from theU.S. National Institutes for Standards and Technology (NIST), which defines five“essential” characteristics of cloud computing solutions, including on-demandself-service, broad network access, resource pooling, rapid elasticity, and measured service.These attributes enable the agility and cost savings expected from cloud solutions.
Technical requirements for successful cloud computing Chapter 1 9Virtualization alone provides significant benefits, but it does not provide allthe cloud attributes defined by NIST. A key tenet of Windows Server 2012 is to gobeyond virtualization. What this means is providing the foundational technologies andfeatures that enable cloud attributes such as elasticity, resource pooling, and measuredservice, while providing significant advancements in the virtualization platform.■■ For the on-demand self-service cloud attribute, Windows Server 2012 providesfoundational technology that enables a variety of user interfaces, includingself-service portals by providing hundreds of Windows PowerShell cmdletsrelated to VM provisioning and management, that enable management solutionssuch as System Center to provide self-service user interfaces.■■ For the broad network access cloud attribute, Windows Server 2012 and Hyper-Vprovides new network virtualization technology that enables a variety of VMmobility, multi-tenancy, and hosting scenarios that remove many of today’snetwork limitations. Other technologies, such as DirectAccess, enable secureremote connectivity to internal resources without the need for virtual privatenetworks (VPNs).■■ For the resource pooling cloud attribute, the combination of the operatingsystem, Network, and Storage virtualization technologies in Windows Server 2012enable each component of the physical infrastructure to be virtualized andshared as a single large resource pool. Improvements to Live Migration enableVMs and their associated storage to be moved to any Hyper-V host in thedatacenter with a network connection. Combined, these technologies allowstandardization across the physical and virtual infrastructure with the ability ofVMs to be distributed optimally and dynamically across the datacenter.■■ For the rapid elasticity cloud attribute, Windows Server 2012 provides the abilityto provision VMs rapidly using technologies such as offloaded data transfer (ODX),which can use capabilities in storage systems to clone or create VMs very rapidlyto enable workload elasticity. Thin provisioning and data de-duplication enableelasticity without immediate consumption of physical resources.■■ For the measured service cloud attribute, Windows Server 2012 provides avariety of new resource metering capabilities that enable granular reportingon resource utilization by individual VMs. Resource metering enables scenariossuch as chargeback reporting based on central processing unit (CPU) utilization,memory utilization, or other utilization-based metrics.In addition to advanced server consolidation and cloud attributes that helpdrive down IT cost and increase agility, Windows Server 2012 provides thecapability to reduce ongoing operational expenses (OpEx) by providing a highdegree of automation and the ability to manage many servers as one. A key costmetric in IT is the number of servers that an individual administrator can manage.
10 Chapter 1 The business need for Windows Server 2012In many datacenters, this number is small, typically in the double digits. In highlyautomated datacenters such as Microsoft’s, an individual administrator can managethousands of servers through the use of automation.Windows Server 2012 delivers this automation capability through the ServerManager user interface’s ability to manage user-defined groups of servers as one,plus the ability of PowerShell to automate activities against a nearly unlimitednumber of servers. This reduces the amount of administrator effort required,enabling administrators to focus on higher-value activities.Taken together, the capabilities provided by Windows Server 2012 deliver theessential cloud attributes and the foundation for significant improvements in bothIT cost and agility.David ZiembickiSenior Architect, U.S. Public Sector, Microsoft ServicesFour ways Windows Server 2012 delivers value forcloud computingLet’s now briefly look at four ways that Windows Server 2012 can deliver value for buildingyour cloud solution beyond what the Windows Server 2008 R2 platform can deliver. Theremaining chapters of this book will explore the powerful new features and capabilities of thiscloud-optimized operating system in more detail, along with hands-on insights from insidersat Microsoft who have developed, tested, and deployed Windows Server 2012 and for selectcustomers during product development.Foundation for building your private cloudAlthough previous versions of Windows Server have included many capabilities needed forimplementing different cloud computing scenarios, Windows Server 2012 takes this a stepfurther by providing a foundation for building dynamic, multi-tenant cloud environmentsthat can scale to meet the highest business needs while helping to reduce your infrastructurecosts. Hyper-V in Windows Server 2008 R2 has already helped many businesses reduce theiroperational costs through server consolidation. The next version of Hyper-V, together withother key features of Windows Server 2012, goes even further by enabling you to securevirtualized services by isolating them effectively, migrate running VMs with no downtimeeven outside of clusters, create replicas of virtualized workloads for offsite recovery, andmuch more. The result is to provide a platform that is ideal as a foundation for buildingprivate clouds for even the largest enterprises.
Four ways Windows Server 2012 delivers value for cloud computing Chapter 1 11Windows Server 2012 provides your business with a complete virtualization platform thatincludes multi-tenant security and isolation capabilities to enforce network isolation betweenworkloads belonging to different business units, departments, or customers on a sharedinfrastructure. Network Virtualization, a new feature of Hyper-V, lets you isolate networktraffic from different business units without the complexity of needing to implement andmanage virtual local area networks (VLANs). Network Virtualization also makes it easier tointegrate your existing private networks into a new infrastructure by enabling you to migrateVMs while preserving their existing virtual network settings. And network quality of service(QoS) has been enhanced in Windows Server 2012 to enable you to guarantee a minimumamount of bandwidth to VMs and virtual services so that service level agreements can beachieved more effectively and network performance can have greater predictability. Beingable to manage and secure network connectivity resources effectively are an importantfactor when designing cloud solutions, and these capabilities of Windows Server 2012 make thispossible.Windows Server 2012 also helps you scale your environment better, achieve greaterperformance levels, and use your existing investments in enterprise storage solutions. Withgreatly expanded support for host processors and memory, your virtualization infrastructurenow can support very large VMs that need the highest levels of performance and workloadsthat require the ability to increase significantly in scale. Businesses that have already investedin Fibre Channel storage arrays for their existing infrastructures can benefit from VirtualFibre Channel, a new feature of Hyper-V that lets you directly connect to your storage areanetwork (SAN) from within the guest operating system of your VMs. You also can use VirtualFibre Channel to virtualize any server workloads that directly access your SAN, enabling newways of reducing costs through workload virtualization. You also can cluster guest operatingsystems over Fibre Channel, which provides new infrastructure options you can explore.And the built-in ODX support ensures that your VMs can read and write to SAN storage atperformance levels matching that of physical hardware, while freeing up the resources on thesystem that received the transfer. With storage a key resource for any cloud solution, theseimprovements make Windows Server 2012 an effective platform for building clouds.Windows Server 2012 also provides a common identity and management framework thatsupports federation, enables cross-premises connectivity, and facilitates data protection.Active Directory Federation Services (AD FS) is now built into the product and providesa foundation for extending Active Directory identities to the cloud, allowing for singlesign-on (SSO) to resources both on-premises and in the cloud. Site-to-site VPNs can beestablished to provide cross-premises connectivity between your on-premises infrastructureand hosting providers you purchase cloud services from. You even can connect directly toprivate subnets within a hosted cloud network, using your existing networking equipmentthat uses industry-standard IKEv2-IPsec protocols. And you can enhance business continuityand simplify disaster recovery by using the new Hyper-V Replica feature that providesasynchronous replication of virtual machines over IP-based networks to remote sites. Allthese features help provide the foundation that you need to build your private cloud.
12 Chapter 1 The business need for Windows Server 2012Private Cloud(Enterprise)Multiple Business Unitson Shared InfrastructureMultiple Customerson Shared InfrastructurePublic Cloud(Hoster)• Secure Isolation Between Tenants• Dynamic Placement of Services• QoS and Resource MeteringSQL IIS SQL IIS SQL IIS SQL IISR & D Finance Contoso Bank Woodgrove BankFIGURE 1-2 Windows Server 2012 provides a foundation for multi-tenant clouds.Highly available, easy-to-manage multi-server platformCost is the bottom line for most businesses, and even though virtualization has allowedmany organizations to tap into efficiencies that have helped them do more with less withtheir datacenters, maintaining these efficiencies and preventing interruptions due to failures,downtimes, and management problems remain a key priority. Windows Server 2012 helpsyou address these issues by providing enhanced availability features, more flexible storageoptions, and powerful new management capabilities.Windows Server 2012 enhances availability by extending the Live Migration capabilitiesof Hyper-V in previous Windows Server versions with a new feature called Live StorageMigration, which lets you move VHDs while they are attached to running VMs with nodowntime. Live Storage Migration simplifies the task of migrating or upgrading storagewhen you need to perform maintenance on your SAN or file-based storage array, or whenyou need to redistribute the load. Built-in NIC teaming gives you fault-tolerant networkingwithout the need to use third-party solutions, and it also helps ensure availability bypreventing connectivity from being lost when a network adapter fails. And availability canbe further enhanced through transparent failover, which lets you move file shares betweencluster nodes with no interruption to applications accessing data on these shares. Theseimprovements can provide benefits for both virtualized datacenters and for the cloud.
Four ways Windows Server 2012 delivers value for cloud computing Chapter 1 13Windows Server 2012 also provides numerous efficiencies that can help you reduce costs.These efficiencies cover a wide range of areas, including power consumption, networking,and storage, but for now, let’s just consider storage. The new file server features of WindowsServer 2012 allow you to store application data on server message block (SMB) file sharesin a way that provides much of the same kind of availability, reliability, and performancethat you’ve come to expect from more expensive SAN solutions. The new Storage Spacesfeature provides built-in storage virtualization capabilities that enable flexible, scalable, andcost-effective solutions to meet your storage needs. And Windows Server 2012 integrateswith storage solutions that support thin provisioning with just-in-time (JIT) allocations ofstorage and the ability to reclaim storage that’s no longer needed. Reducing cost is key forenterprises, whether they still have traditional IT infrastructures or have deployed privateclouds.Windows Server 2012 also includes features that make management and automationmore efficient. The new Server Manager takes the pain out of deploying and managing largenumbers of servers by simplifying the task of remotely deploying roles and features on bothphysical and virtual servers. Server Manager also can be used to perform scenario-baseddeployments of the Remote Desktop Services role, for example to set up a sessionvirtualization infrastructure or a virtual desktop infrastructure (VDI) environment quickly.PowerShell 3.0 has powerful new features that simplify the job of automating numerousaspects of a datacenter, including the operating system, storage, and networking resources.PowerShell workflows let you perform complex management tasks that require machines tobe rebooted. Scheduled jobs can run regularly or in response to a specific event. Delegatedcredentials can be used so that junior administrators can perform mission-critical tasks. Allthese improvements can bring you closer to running your datacenter or private cloud as atruly lights-out automated environment.Deploy web applications on-premises and in the cloudThe web platform is key to building a cloud solution. That’s because cloud-based servicesare delivered and consumed over the Internet. Windows Server 2012 includes web platformenhancements that provide the kind of flexibility, scalability, and elasticity that your businessneeds to host web applications for provisioning cloud-based applications to business units orcustomers. Windows Server 2012 is also an open web platform that embraces a broad rangeof industry standards and supports many third-party platforms and tools so that you canchoose whatever best suits the development needs for your business.Because most organizations are expected to follow the hybrid cloud approach thatcombines together both on-premises infrastructure and cloud services, efficiencies can begained by using development symmetry that lets you build applications that you can deployboth on-premises and in the cloud. Windows Server 2012 provides such developmentsymmetry through a common programming language supporting both Windows Server andthe Windows Azure platform; through a rich collection of applications that can be deployed
14 Chapter 1 The business need for Windows Server 2012and used across web application and data tiers; through the rich Microsoft Visual Studio–based developer experience, which lets you develop code that can run bothon-premises and in the cloud; and through other technologies like the Windows AzureConnect, which lets you configure Internet Protocol Security (IPsec)–protected connectionsbetween your on-premises physical/virtual servers and roles running in the Windows Azurecloud.Building on the proven application platform of earlier Windows Server versions, WindowsServer 2012 adds new features and enhancements to enable service providers to hostlarge numbers of websites while guaranteeing customers predictable service levels. Theseimprovements make Windows Server 2012 the ideal platform for building and managinghosting environments and public clouds. To enable the highest level of scalability, especiallyin shared hosting environments, Microsoft Internet Information Services (IIS) 8.0 inWindows Server 2012 introduced multicore scaling on Non-Uniform Memory Access (NUMA),which enables servers that can scale up to 64 physical processors and across NUMA nodes.This capability enables your web applications to scale up quickly to meet sudden spikesin demand. And when demand falls again, IIS CPU throttling enables your applications toscale down to minimize costs. You also can use IIS CPU throttling to ensure that applicationsalways get their fair share of processor time by specifying a maximum CPU usage for eachapplication pool. And to manage the proliferation of Secure Sockets Layer (SSL) certificatesfor your hosting environment, or to be able to add web servers to a web farm quickly withoutthe need to configure SSL manually on them, the new Centralized SSL Certificate Supportfeature of Windows Server 2012 takes the headache out of managing SSL-based hostingenvironments.IIS 8.0 in Windows Server 2012 also provides businesses with great flexibility in the kindsof web applications that they can develop and deploy. ASP.NET 4.5 now supports the latestHTML 5 standards. PHP and MySQL also are supported through the built-in IIS extensions forthese development platforms. And support for the industry-standard WebSocket protocolenables encrypted data transfer over real-time bidirectional channels to support AJAX clientapplications running in the browser. All these features and enhancements provide flexibilityfor building highly scalable web applications, hosted either on-premises or in the cloud.Enabling the modern work styleThe consumerization of IT through the trend towards BYOD or “bring your own device”environments is something that businesses everywhere are facing and IT is only beginning toget a handle on. The days of IT having full control over all user devices in their infrastructureare probably over, with the exception of certain high-security environments in thegovernment, military, and finance sectors. Accepting these changes requires not just newthinking but new technology, and Windows Server 2012 brings features that can help ITaddress this issue by enabling IT to deliver on-premises and cloud-based services to userswhile maintaining control over sensitive corporate data.
Up next Chapter 1 15Remote Access has been enhanced in Windows Server 2012 to make it much easierto deploy DirectAccess so that users can always have the experience of being seamlesslyconnected to the corporate network whenever they have Internet access. Setting uptraditional VPN connections is also simpler in Windows Server 2012 for organizationsthat need to maintain compatibility with existing systems or policies. BranchCache hasbeen enhanced in Windows Server 2012 to make it scale greater, perform better, and bemanaged more easily. Deploying BranchCache is now much simpler and enables users torun applications remotely and access data more efficiently and securely than before. And aspreviously mentioned in this chapter, Server Manager now lets you perform scenario-baseddeployments of the Remote Desktop Services role to implement session virtualization or VDIin your environment more easily.To remain productive as they roam between locations and use different devices, usersneed to be able to access their data using the full Windows experience. New featuresand improvements in Windows Server 2012 now make this possible from any location onalmost any device. RemoteFX for WAN enables a rich user experience even over slow WANconnections. Universal serial bus (USB) is now supported for session virtualization, allowingusers to use their USB flash drives, smartcards, webcams, and other devices when connectingto session hosts. And VDI now includes user VHDs for storing user personalization settingsand cached application data so that the user experience can be maintained across logons.Windows Server 2012 also gives you greater control over your sensitive corporate data tohelp you safeguard your business and meet the needs of compliance. Central access policiescan be used to define who is allowed to access information within your organization. Centralaudit policies have been enhanced to facilitate compliance reporting and forensic analysis.The Windows authorization and audit engine has been re-architected to allow the use ofconditional expressions and central policies. Kerberos authentication now supports both userand device claims. And Rights Management Services (RMS) has been made extensible sopartners can provide solutions for encrypting non-Office files. All these improvements enableusers to connect securely to on-premises or cloud-based infrastructure so that they can bemore productive in ways that meet the challenges of today’s work style while maintainingstrict control over your corporate data.Up nextThe chapters that follow will dig deeper into these different ways that Windows Server 2012can deliver value by examining in more detail the new features and capabilities of thiscloud-optimized platform. Each chapter also includes sidebars written by insiders on theWindows Server team at Microsoft, by Microsoft Consulting Services experts in the field,and by Microsoft Support engineers who have been working with the platform from Day 1.To begin with, let’s look more closely at how Windows Server 2012 can provide the perfectfoundation for building your organization’s private cloud.
17C H A P T E R 2Foundation for buildingyour private cloud■ A complete virtualization platform 19■ Increase scalability and performance 50■ Business continuity for virtualized workloads 73■ Up next 83This chapter describes some of the new features of Windows Server 2012 thatmake it the ideal platform for building a private cloud for your organization. Withenhancements to Hyper-V virtualization, improvements in scalability and performance,and business continuity support for virtualized workloads, Windows Server 2012 providesa solid foundation for building dynamic, highly scalable multi-tenant cloud environments.Windows Server 2012: The foundation for building yourprivate cloudDelivering a solid foundation for a private cloud requires a robustvirtualization platform, scalability with great performance, and the abilityto span datacenters and integrate with other clouds. Windows Server 2012 wasdesigned to address key private cloud needs through advances in computer,storage, and Network Virtualization.Compute virtualization, provided by Hyper-V in Windows Server 2012, hasbeen improved to support significantly larger host servers and guest virtualmachines (VMs). This increases the range of workloads that can be virtualized.A new feature called Guest NUMA enables large virtual machines with manyvirtual CPUs (vCPUs) to achieve high performance by optimizing a VM’s vCPUmappings to the underlying physical server’s Non-Uniform Memory Access(NUMA) configuration. Large increases in Hyper-V scalability and DynamicMemory provide for much higher density of VMs per server with largerclusters. VM mobility through Live Migration and live storage migration,regardless of whether the VM is hosted on a cluster, enable a number of newscenarios for optimization of resources in private cloud scenarios.
18 CHAPTER 2 Foundation for building your private cloudWindows Server 2012 delivers new Network Virtualization capability as well asprivate virtual local area networks (VLANs), opening a number of new networkingscenarios, including multi-tenant options required for hosting and private cloud scenarios.These technologies enable a tenant to utilize their own IP addressing schemes, evenif it overlaps with other tenants, while maintaining separation and security. Win-dows Server 2012 also introduces a new extensible virtual switch. The extensibleswitch delivers new capabilities such as port profiles and is a platform that thirdparties can use to build switch extensions for tasks like traffic monitoring, intru-sion detection, and network policy enforcement. In both private cloud scenariosand hosting scenarios, secure multi-tenancy is often a requirement. Examplescould include separating the finance department’s resources from the engineeringdepartment’s resources or separating one company’s resource you are hosting fromanother’s. Windows Server 2012 networking technologies provide for shared infra-structure and resource pooling while enabling secure multi-tenancy.Storage virtualization is a major investment area in Windows Server 2012. StorageSpaces, SMB 3, Cluster Shared Volumes (CSV2), and several other new storagefeatures provide a high-performance, low-cost storage platform. This storageplatform allows Hyper-V VMs to be run from Windows Server 2012 continuouslyavailable file shares on Windows storage spaces. Such shares can be accessedusing the new SMB 3 protocol, which when combined with appropriate networkhardware, provides high-speed, low-latency, multichannel-capable storage access.These technologies provide a robust storage platform at a cost point much lowerthan was previously possible. For environments with significant existing investmentsin storage area network (SAN) technology, Windows Server 2012 now enables FibreChannel host bus adapters (HBAs) to be virtualized, allowing VMs direct access toFibre Channel–based SAN storage.Another critical component of a private cloud infrastructure is disaster recoverycapability. Windows Server 2012 introduces the Hyper-V Replica feature, whichallows VMs to be replicated to disaster recovery sites, which reduces the timerequired to restore service should a primary datacenter suffer a disaster.With the large number of new features and improvements, automation becomesa critical requirement, both for consistency of deployment and for efficiency inoperations. Windows Server 2012 includes about 2,400 new Windows PowerShellcmdlets for managing the various roles and features in the platform. WindowsPowerShell can be used either directly or through Microsoft and third-partymanagement systems to automate deployment, configuration, and operationstasks. The new Server Manager in Windows Server 2012 allows multiple servers to begrouped and managed as one. The objective of these improvements is to increaseadministrator efficiency by increasing the number of servers each administrator canmanage.
A complete virtualization platform CHAPTER 2 19The range of technology delivered in Windows Server 2012 can be used in a varietyof ways to enable private cloud scenarios. For a large, centralized enterprise,large-scale file and Hyper-V clusters can deliver a platform able to run thousands ortens of thousands of highly available VMs. For cases where secure multi-tenancy isrequired, Network Virtualization and private VLANs can be used to deliver secureand isolated networks for each tenant’s VMs. With continuously available file sharesfor storing VMs combined with Live Migration and Live Storage Migration, VMs canbe moved anywhere in the datacenter with no downtime.The compute, network, and storage virtualization provided by Windows Server 2012deliver resource pooling, elasticity, and measured service cloud attributes. Thesecapabilities are further improved by disaster recovery and automation technologies.With these and other features, Windows Server 2012 delivers the foundation for theprivate cloud.David ZiembickiSenior Architect, U.S. Public Sector, Microsoft ServicesA complete virtualization platformVirtualization can bring many benefits for businesses, including increased agility, greaterflexibility, and improved cost efficiency. Combining virtualization with the infrastructureand tools needed to provision cloud applications and services brings even greater benefitsfor organizations that need to adapt and scale their infrastructure to meet the changingdemands of today’s business environment. With its numerous improvements, Hyper-V inWindows Server 2012 provides the foundation for building private clouds that can usethe benefits of cloud computing across the business units and geographical locationsthat typically make up today’s enterprises. By using Windows Server 2012, you can begintransitioning your organization’s datacenter environment toward an infrastructure as aservice (IaaS) private cloud that can provide your business units with the “server instanceson demand” capability that they need to be able to grow and respond to changing marketconditions.Hosting providers also can use Windows Server 2012 to build multi-tenant cloudinfrastructures (both public and shared private clouds) that they can use to delivercloud-based applications and services to customers. Features and tools included in WindowsServer 2012 enable hosting providers to fully isolate customer networks from one another,deliver support for service level agreements (SLAs), and enable chargebacks for implementingusage-based customer billing.Let’s dig into these features and capabilities in more detail. We’ll also get some insiderperspective from experts working at Microsoft who have developed, tested, deployed, andsupported Windows Server 2012 during the early stages of the product release cycle.
20 CHAPTER 2 Foundation for building your private cloudScenario-focused design in Windows Server 2012One of the best things about Windows Server 2012 is that it was designedfrom the ground up, with a great focus on actual customer scenarios.Windows Server is the result of a large engineering effort, and in past releases,each organization delivered its own technology innovations and roadmap in itsrespectively relevant area. The networking team would build great networkingfeatures; the storage team would innovate on file and storage systems; themanageability team would introduce Windows PowerShell to enable a standard wayto manage servers, and so on.Windows Server 2012 is different. Instead of having vertical technology-focusedroadmaps and designs, it was built around specific customer scenarios for theserver. I was the scenario leader for the “hosted cloud” scenario, which was allabout building the most cloud-optimized operating system ever built and aligningmultiple feature crews on enabling enterprises and hosting providers to buildclouds that are better than ever.Scenario-focused design starts by understanding the business need and the realcustomer pain points and requirements. During the planning phase, we talked toa very long list of customers and did not limit ourselves to any specific technology.Instead, we have framed the discussion around the need to build and run cloudsand discovered pain points, such as the need to offer secure multi-tenancy andisolation to your cloud tenants, so that hosting providers can be more efficient inutilizing their infrastructure and lowering their cost. There’s also a need to be able toautomate manual processes end to end because manual processes just don’t cut itanymore, and the need to lower the cost of storage because customers were clearlyoverpaying for very expensive storage even when they don’t really need it. We thentranslated that understanding into investments that cross technology boundaries thatwill solve those business problems and satisfy the customer requirements.For example, to enable multi-tenancy, we didn’t just add some access control lists (ACLs)on the Hyper-V switch. Instead, we’ve built a much better Hyper-V switch with isolationpolicy support and added Network Virtualization to decouple the physical cloudinfrastructure from the VM networks. Then we added quality of service (QoS) policies tohelp hosting providers ensure proper SLAs for different tenants and resource meters toenable them to measure and charge for activities, and we also ensured that everythingwill be fully automatable (via Windows PowerShell, of course), in a consistent way.Here’s another example: we didn’t just add support for a new network interfacecard (NIC) technology called Remote Direct Memory Access (RDMA). Instead, we’vedesigned it to work well with file servers and provide SMB Direct support to enablethe use of file servers in a cloud infrastructure over standard Ethernet fabric, and
A complete virtualization platform CHAPTER 2 21used storage spaces for low-cost disks. This way, competitive performancecompared to SANs is made available at a fraction of the cost.Finally, scenario-focused design doesn’t actually end at the design phase. It’s a wayof thinking that starts at planning but continues all the way through execution,internal validation, external validation with our TAP program, partner relations,documentation, blogging, and, of course, bringing the product to market. Basically,at every stage of the Windows Server 2012 execution cycle, the focus was onmaking the scenario work, rather than on making specific features work.This kind of a scenario-focused requires an amazingly huge collaborative effortacross technology teams. This is exactly where Windows Server 2012 shines andis the reason you’re seeing all of these great innovations coming together in onemassive release that will change the way clouds are built.Yigal EderyPrincipal Program Manager, Windows ServerHyper-V extensible switchThe new Hyper-V extensible switch in Windows Server 2012 is key to enabling the creationof secure cloud environments that support the isolation of multiple tenants. The Hyper-Vextensible switch in Windows Server 2012 introduces a number of new and enhancedcapabilities for tenant isolation, traffic shaping, protection against malicious virtual machines,and hassle-free troubleshooting. The extensible switch allows third parties to develop plug-inextensions to emulate the full capabilities of hardware-based switches and support morecomplex virtual environments and solutions.Previous versions of Hyper-V allowed you to implement complex virtual networkenvironments by creating virtual network switches that worked like physical layer-2 Ethernetswitches. You could create external virtual networks to provide VMs with connectivity withexternally located servers and clients, internal networks to allow VMs on the same host tocommunicate with each other as well as the host, or private virtual networks (PVLANs) thatyou can use to completely isolate all VMs on the same host from each other and allow themto communicate only via external networks.The Hyper-V extensible switch facilitates the creation of virtual networks that canbe implemented in various ways to provide great flexibility in how you can design yourvirtualized infrastructure. For example, you can configure a guest operating system withina VM to have a single virtual network adapter associated with a specific extensible switchor multiple virtual network adapters (each associated with a different switch), but you can’tconnect the same switch to multiple network adapters.What’s new however is that the Hyper-V virtual switch is now extensible in a couple ofdifferent ways. First, you can now install custom Network Driver Interface Specification (NDIS)filter drivers (called extensions) into the driver stack of the virtual switch. For example, you
22 CHAPTER 2 Foundation for building your private cloudcould create an extension that captures, filters, or forwards packets to extensible switch ports.Specifically, the extensible switch allows for using the following kinds of extensions:■■ Capturing extensions, which can capture packets to monitor network traffic but cannotmodify or drop packets■■ Filtering extensions, which are like capturing extensions but also can inspect and droppackets■■ Forwarding extensions, which allow you to modify packet routing and enableintegration with your physical network infrastructureSecond, you can use the capabilities of the Windows Filtering Platform (WFP) by usingthe built-in Wfplwfs.sys filtering extension to intercept packets as they travel along the datapath of the extensible switch. You might use this approach, for example, to perform packetinspection within your virtualized environment.These different extensibility capabilities of the Hyper-V extensible switch are intendedprimarily for Microsoft partners and independent software vendors (ISVs) so they can updatetheir existing network monitoring, management, and security software products so theycan work not just with physical hosts, but also with VMs deployed within any kind of virtualnetworking environment that you might possibly create using Hyper-V in Windows Server2012. In addition, being able to extend the functionality of the Hyper-V networking byadding extensions makes it easier to add new networking functionality to Hyper-V withoutneeding to replace or upgrade the switch. You’ll also be able to use the same tools formanaging these extensions that you use for managing other aspects of Hyper-V networking,namely the Hyper-V Manager console, Windows PowerShell, and Windows ManagementInstrumentation (WMI). And because these extensions integrate into the existing frameworkof Hyper-V networking, they automatically work with other capabilities, like Live Migration.Table 2-1 summarizes some of the benefits of the Hyper-V extensible switch from both theIT professional and ISV perspective.TABLE 2-1 Benefits of the Hyper-V extensible switchKey Tenets Benefit to ISVS Benefit to IT ProfessionalsOpen platform w/public API Write only the functionalitiesdesiredMinimal footprint for errorsFirst-class citizen of system Free system services (e.g., LiveMigration)Extensions from various ISVs worktogetherExisting API model Faster development Larger pool of extension implementersLogo certification and richframeworkHigher customer satisfaction Higher extension qualityUnified Tracing thru virtualswitchLower support costs Shorter downtimes
A complete virtualization platform CHAPTER 2 23Configuring virtual switchesFigure 2-1 shows the Windows Filtering Platform (WPF) extension selected in the VirtualSwitch Manager of the Hyper-V Console in Windows Server 2012. Note that once extensionsare installed on the host, they can be enabled or disabled and also have their orderrearranged by moving them up or down in the list of switch extensions.FIGURE 2-1 Virtual switch extensions for the Hyper-V extensible switch.You can also use Windows PowerShell to create, delete, and configure extensible switcheson Hyper-V hosts. For example, Figure 2-2 shows how to use the Get-VMSwitchExtensioncmdlet to display details concerning the extensions installed on a specific switch.
24 CHAPTER 2 Foundation for building your private cloudFIGURE 2-2 Displaying all extensions installed on the virtual switch named CONTOSO.You also can display the full list of Windows PowerShell cmdlets for managing theextensible switch, as Figure 2-3 illustrates.FIGURE 2-3 Displaying all Windows PowerShell cmdlets for managing virtual switches.Troubleshooting virtual switchesMicrosoft also has extended Unified Tracing through the Hyper-V extensible switch, whichmakes it easier for you to diagnose problems that may occur. For example, if you areexperiencing issues that you think might be connected with the extensible switch, you couldattempt to troubleshoot the problem by turning on tracing using the Netsh commandlike this:netsh trace start provider=Microsoft-Windows-Hyper-V-VmSwitch capture=yescapturetype=vmswitch
A complete virtualization platform CHAPTER 2 25Then you would try and reproduce the issue while tracing is turned on. Once a repro hasoccurred, you could disable tracing with netsh trace stop and then review the generatedEvent Trace Log (ETL) file using Event Viewer or Network Monitor. You also could review theSystem event log for any relevant events.Performance monitoring improvementsWindows Server 2012 exposes more Event Tracing for Windows (ETW) dataproviders and performance items than Windows Server 2008 R2. With thisexposure comes the vital need for the IT professional to know which datasets arerelevant to their specific monitoring situation. It’s not feasible nor appropriate tojust gather everything, for system monitoring has in it a touch of physics . . .a modified Heisenberg uncertainty principle is afoot; One cannot monitor a systemwithout impacting it to some degree. To how much of a degree is at question. Finelytuned data collector sets by Performance Analysis of Logs (PAL; seehttp://pal.codeplex.com) can be used by the IT professional to ensure they are onlygathering the data necessary to their problem set, so as to not negatively impactsystem performance too heavily while monitoring or baselining systems.One advantage to using ETW data providers rather than performance counterobject items is that ETW providers come from the kernel itself typically, rather thancoming from user mode measurements. What this means is that the data from ETWdata providers is more accurate and more reliable and also puts a lower load on thesystem. ETW logging is unlikely to suffer from missing data sets due to high systemload as well. Look for guidance on which items to collect though before diving in;ETL tracing can grow log files quickly.Jeff StokesPlatforms PFEAdditional capabilitiesA number of other advanced capabilities also have been integrated by Microsoft into theHyper-V extensible switch to help enhance security, monitoring, and troubleshootingfunctionality. These additional capabilities include the following:■■ DHCP guard Helps safeguard against Dynamic Host Configuration Protocol (DHCP)man-in-the-middle attacks by dropping DHCP server messages from unauthorizedVMs pretending to be DHCP servers■■ MAC address spoofing Helps safeguard against attempts to use ARP spoofing tosteal IP addresses from VMs by allowing VMs to change the source MAC address inoutgoing packets to an address that is not assigned to them
26 CHAPTER 2 Foundation for building your private cloud■■ Router guard Helps safeguard against unauthorized routers by dropping routeradvertisement and redirection messages from unauthorized VMs pretending to be routers■■ Port mirroring Enables monitoring of a VM’s network traffic by forwarding copies ofdestination or source packets to another VM being used for monitoring purposes■■ Port ACLs Helps enforce virtual network isolation by allowing traffic filtering basedon media access control (MAC) or IP address ranges■■ Isolated VLANs Allows segregation of traffic on multiple VLANs to facilitateisolation of tenant networks through the creation of private VLANs (PVLANs)■■ Trunk mode Allows directing traffic from a group of VLANs to a specific VM■■ Bandwidth management Allows guaranteeing a minimum amount of bandwidthand/or enforcing a maximum amount of bandwidth for each VM■■ Enhanced diagnostics Allows packet monitoring and event tracing through theextensible switch using ETL and Unified TracingMost of these additional capabilities can be configured from the graphical user interface(GUI) by opening the VM’s settings. For example, by selecting the network adapter underHardware, you can specify bandwidth management settings for the VM. Figure 2-4 showsthese settings configured in such a way that the VM always has at least 50 MBps of networkbandwidth available, but never more than 100 MBps. If your hosts reside in a shared cloudbeing used to provision applications and services to business units or customers, these newbandwidth management capabilities can provide the benefit of helping you meet your SLAswith these business units or customers.FIGURE 2-4 Minimum and maximum bandwidth settings have been configured for this VM.
A complete virtualization platform CHAPTER 2 27Clicking the plus sign (+) beside Network Adapter in these settings exposes two new pages ofnetwork settings: Hardware Acceleration and Advanced Features. We’ll examine the HardwareAcceleration settings later in this chapter, but for now, here are the Advanced Featuressettings which lets you configure MAC address spoofing, DHCP guard, router guard, portmirroring and NIC teaming for the selected network adapter of the VM, as shown in Figure 2-5.As the sidebar demonstrates, you also can use Windows PowerShell to configure andmanage the various advanced capabilities of the Hyper-V extensible switch.FIGURE 2-5 Configuring advanced features for network adapter settings for a VM.Using Windows PowerShell to configure the extensible switchLet’s briefly look at two scenarios where Windows PowerShell can be used toconfigurevarious features of the extensible network switch.Scenario 1: Enabling advanced networking featuresIn an upgrade scenario, you want to take advantage of advanced networkingfeatures of the extensible network switch. Namely, you want to enable the followingon all VMs on a Hyper-V host:■■ DHCP Guard
28 CHAPTER 2 Foundation for building your private cloud■■ Enable router advertisement guard■■ Enable Virtual Machine Queue (VMQ)Here’s what a VM looks like without any of the advanced networking features enabled:Now let’s do this on a Hyper-V host on every single VM on the Hyper-V host.First, let’s list all the VMs by issuing the Get-VM cmdlet:
A complete virtualization platform CHAPTER 2 29We have four VMs on this host. Let’s activate DHCP Guard, router advertisementguard, and VMQ in a single line:Once the Windows PowerShell prompt has returned, we can view the settings onany VM on this host:
30 CHAPTER 2 Foundation for building your private cloudNote: to do this in a Hyper-V cluster, simply prepend the previous statement withGet-ClusterGroup:Scenario 2: Configure ACLs on a VMMost organizations have a management network segment and will typicallyassociate a physical NIC on the management network segment. Suppose you wantto limit the network segment associated with the virtual NIC connected to themanagement network. Here’s how you’d create an ACL to accomplish this:This cmdlet allows both inbound and outbound traffic to the VM named wds02from the 192.168.1.0/24 segment. To view the settings:Adiy QasrawiConsultant, Microsoft Consulting Services (MCS)
A complete virtualization platform CHAPTER 2 31Learn moreIT pros can expect Microsoft partners and ISVs to take advantage of the extensible switchcapabilities of Hyper-V in Windows Server 2012 as new versions of their network monitoring,management, and security products begin to appear. For example:■■ Cisco Systems has announced that its Cisco Nexus 1000V distributed virtual switch willenable full VM-level visibility and security controls in Hyper-V environments; seehttp://newsroom.cisco.com/press-release-content?type=webcontent&articleId=473289.■■ inMon Corp. has announced that their sFlow traffic monitoring software will delivercomprehensive visibility into network and system resources in Hyper-V virtualenvironments; see http://www.inmon.com/news/20111003.php.■■ 5nine Software has announced that version 3.0 of 5nine Security Manager will be thefirst completely host-based Virtual Firewall with Anti-Virus (AV) for Windows 8; seehttp://www.5nine.com/News/news-firewall3-preview.aspx.For an overview of the requirements, implementation, and manageability of the Hyper-Vextensible switch, see the topic “Hyper-V Virtual Switch Overview” in the TechNet Library athttp://technet.microsoft.com/en-us/library/hh831452.aspx. For additional overviews of theHyper-V extensible switch, see the topic “Hyper-V Virtual Switch Overview,” athttp://technet.microsoft.com/en-us/library/hh831823.aspx and the post “IntroducingHyper-V Extensible Switch,” on the Server & Cloud Blog at http://blogs.technet.com/b/server-cloud/archive/2011/11/08/windows-server-8-introducing-hyper-v-extensible-switch.aspx.For a detailed overview of how the Hyper-V extensible switch operates and how to writeextensions for the switch, see the topic “Hyper-V Extensible Switch” in the Windows HardwareDevelopment section of MSDN at http://msdn.microsoft.com/en-us/library/windows/hardware/hh598161(v=vs.85).aspx.For a sample base library that can be used to implement a filter driver for the Hyper-Vextensible switch, see the topic “Hyper-V Extensible Virtual Switch extension filter driver” inthe Samples section of Dev Center—Hardware on MSDN at http://code.msdn.microsoft.com/windowshardware/Hyper-V-Extensible-Virtual-e4b31fbb/view/SourceCode.For more information on Windows PowerShell cmdlets like Get-VMSwitch,Get-VMSwitchExtension, Set-VMSwitchExtensionSwitchFeature, and other cmdlets forconfiguring and managing the Hyper-V extensible switch, see “Hyper-V Cmdlets in WindowsPowerShell” in the TechNet Library at http://technet.microsoft.com/library/hh848559.aspx.Network VirtualizationAs discussed in Chapter 1, “The business need for Windows Server 2012,” in the IaaS cloudcomputing model, the cloud provider runs a datacenter that offers “VMs for rent” along withdynamically allocated resources. The customer owns the VM and manages it as “its server”in the cloud. The meaning of the terms cloud provider and customer can differ, of course,
32 CHAPTER 2 Foundation for building your private clouddepending on whether you’re talking about a shared private cloud or a shared public cloud.Specifically, the following points apply:■■ In the shared private cloud scenario, the cloud provider is the organization itself, whichowns and operates its own datacenter, whereas the customers might be differentbusiness units, departments, or offices in different locations.■■ In the shared public cloud scenario, the cloud provider is the hosting company,whereas the customers might be large enterprises, mid-sized companies, or even smallbusinesses. The hosting company owns and manages the datacenter and may “rentout” servers to customers, offer colocation of customer-owned servers, or both.In both scenarios, the cloud provider can provide the numerous benefits of cloudcomputing to its customers, but typically not without problems using today’s technologies.For example, VLANs are typically used by cloud providers to isolate the servers belonging toone customer from those belonging to other customers and provisioned from the same cloud.VLANs accomplish this by adding tags to Ethernet frames. Then Ethernet switches can beconfigured to enforce isolation by allowing nodes that have the same tag to communicate witheach other, but not with nodes having a different tag. But VLANs have several limitations:■■ They have limited scalability because typical Ethernet switches support no more than1,000 VLAN IDs (with a theoretical maximum of 4,094).■■ They have limited flexibility because a single VLAN can’t span multiple IP subnets.■■ They have high management overhead associated with them because Ethernetswitches need to be reconfigured each time a VLAN is added or removed.Another problem that customers often experience when contemplating moving theircomputing resources to the cloud is IP addressing. The issue is that the customer’s existinginfrastructure typically has one addressing scheme, whereas the datacenter network has anentirely different addressing scheme. So when a customer wants to move one of its serversinto the cloud, typically by virtualizing the workload of the existing physical server so theworkload can be run as a VM hosted within the cloud provider’s datacenter, the customer isusually required to change the IP address of their server so it can fit the addressing schemeof the cloud provider’s network. This can pose difficulties, however, because IP addresses areoften tied to geographical locations, management policies, and security policies, so changingthe server’s address when its workload is moved into the cloud may result in routing issues,servers moving out of management scope, or security policies failing to be applied properly.It would simplify cloud migrations a lot if the customer’s servers could keep their existingIP addresses when their workloads are virtualized and moved into the cloud provider’sdatacenter. That way, the customer’s existing routing, management, and security policiesshould continue to work as before. And that’s exactly what Network Virtualization does!How Network Virtualization worksNetwork Virtualization is a new feature in Windows Server 2012 that lets you keep yourown internal IP addresses when moving your servers into the cloud. For example, let’s say
A complete virtualization platform CHAPTER 2 33that you have three on-premises physical servers having private IP addresses 192.168.33.45,192.168.33.46, and 192.168.33.47, and you want to move these servers to the datacenter ofa cloud provider called Fabrikam. These servers are currently in the 192.168.0.0/16 addressspace, and Fabrikam’s datacenter uses 10.0.0.0/24 for its datacenter network’s address space.If Fabrikam has Windows Server 2012 deployed in its datacenter, you’re in luck because yourservers can keep their existing IP addresses when their workloads are migrated into VMsrunning on Fabrikam host machines. This means that your existing clients, which are used toaccessing servers located on the 192.168.0.0/16 subnet, will be able to continue doing so withno modifications needed to your routing infrastructure, management platform, or networksecurity policies. That’s Network Virtualization at work.But what if another customer of Fabrikam uses the exact same subnetting scheme forits own virtualized workloads? For example, let’s say that Northwind Traders also has beenusing 192.168.0.0/16 on its private network, and one of the servers it’s moved into Fabrikam’sdatacenter has the exact same IP address (192.168.33.45) as one of the servers that you’vemoved into Fabrikam’s datacenter? No problem! Network Virtualization in Windows Server2012 provides complete isolation between VMs belonging to different customers even ifthose VMs use the exact same IP addresses!Network Virtualization works by allowing you to assign two different IP addresses to eachVM running on a Windows Server 2012 Hyper-V host. These two addresses are:■■ Customer address (CA) The IP address that the server had when it resided on thecustomer’s premises before it was migrated into the cloud. In the previous example,this might be the 192.168.33.45 address for a particular server that the customer wantsto move to the cloud.■■ Provider address (PA) The IP address assigned by the cloud provider to the serveronce the server has been migrated to the provider’s datacenter. In the previous example,this could be 10.44.2.133, or some other address in the 10.0.0.0/24 address space.From the customer’s perspective, communication with the migrated server is just the sameas if the server still resided on the customer’s own premises. This is because the VM runningthe customer’s migrated workload can see and use its customer address and thus can bereached by other hosts on the customer’s network. The VM cannot see or use its provideraddress, however, because this address is visible only to the hosts on the cloud provider’snetwork.Network Virtualization thus lets the cloud provider run multiple virtual networks ontop of a single physical network in much the same way as server virtualization lets yourun multiple virtual servers on a single physical server. Network Virtualization also isolateseach virtual network from every other virtual network, with the result that each virtualnetwork has the illusion that it is a separate physical network. This means that two ormore virtual networks can have the exact same addressing scheme, yet the networks willbe fully isolated from one another and each will function as if it is the only network withthat scheme.
34 CHAPTER 2 Foundation for building your private cloudTo make this all happen, Network Virtualization needs a way of virtualizing IP addressesand mapping them to physical addresses. Network Virtualization in Windows Server 2012offers two ways of accomplishing this:■■ Network Virtualization Generic Routing Encapsulation (NVGRE) In thisapproach, all the VM’s packets are encapsulated with a new header before they aretransmitted onto the physical network. NVGRE requires only one PA per host, which isshared by all VMs on that host.■■ IP rewrite This approach modifies the customer addresses of packets while they arestill on the VM and before they are transmitted onto the physical network. IP rewriterequires a one-to-one mapping of customer addresses to provider addresses.NVGRE is compatible with today’s datacenter network hardware infrastructure and is therecommended approach for implementing Network Virtualization.Because Network Virtualization is intended for datacenters, implementing it requires thatyou have a VM management framework in place. System Center Virtual Machine Manager2012 Service Pack 1 provides such a framework and lets you use Windows PowerShell or WMIto create and manage virtual networks.Benefits of Network VirtualizationNetwork Virtualization is key to being able to build and provision multi-tenant cloudservices, both for shared private clouds, where the “customers” are different business unitsor departments, and for public cloud scenarios, where the cloud provider offers “space torent” to all comers. Network Virtualization lets you create multi-tenant networks whereeach network is fully isolated from all other networks, and it does this without any of thelimitations of or overhead associated with the job of creating and managing VLANs. Thismeans that cloud providers can use Network Virtualization to create as many networks asyou want—thousands and thousands of them for example if you are a large hostingprovider—and then move workloads anywhere you want without having to perform thearduous (and error-prone) task of reconfiguring VLANs.Network Virtualization also provides greater flexibility for VM placement, which helpsreduce overprovisioning and fragmentation of resources for the cloud provider. By enablingdynamic VM placement, the cloud provider can make best use of the compute, network, andstorage resources within their datacenter and can monitor and control the provisioning ofthese resources more easily.Regardless of whether you are a customer looking to migrate your server workloads intothe cloud, an enterprise seeking to implement a shared private cloud for provisioning “serversfor rent” to different divisions or locations, or a hosting provider wanting to offer cloudhosting services to large numbers of customers, Network Virtualization in Windows Server2012 provides the foundation for achieving your goals. Table 2-2 summarizes the benefits ofNetwork Virtualization to these different parties.